Undermining: social engineering using open source intelligence gathering
Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a double-edged sword, as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrators of criminal activity, who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.
Design Thinking for Cyber Deception
Cyber deception tools are increasingly sophisticated but rely on a limited set of deception techniques. In current deployments of cyber deception, the network infrastructure between the defender and attacker comprises the defence/attack surface. For cyber deception tools and techniques to evolve further they must address the wider attack surface, from the network through to the physical and cognitive space. One way of achieving this is by fusing deception techniques from the physical and cognitive space with the technology development process. In this paper we trial design thinking as a way of delivering this fused approach. We detail the results from a design thinking workshop conducted using deception experts from different fields. The workshop outputs include a critical analysis of design provocations for cyber deception and a journey map detailing considerations for operationalising cyber deception scenarios that fuse deception techniques from other contexts. We conclude with recommendations for future research.
Assessing the Credibility of Cyber Adversaries
Online communications are ever increasing, and we are constantly faced with the challenge of whether online information is credible or not. Being able to assess the credibility of others was once the work solely of intelligence agencies. In the current times of disinformation and misinformation, understanding what we are reading and to whom we are paying attention is essential for us to make considered, informed, and accurate decisions, and it has become everyone’s business. This paper employs a literature review to examine the empirical evidence across online credibility, trust, deception, and fraud detection in an effort to consolidate this information to understand adversary online credibility: how do we know that whoever we are conversing with is who they say they are? Based on this review, we propose a model that includes examining information as well as user and interaction characteristics to best inform an assessment of online credibility. Limitations and future opportunities are highlighted.
Active offensive cyber situational awareness: theory and practice
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. There is an increasing gap between the progress of technological systems and the successful exploitation of these systems through cyber-attack. Whilst the mechanism and scope of cyberspace is progressing with each passing day, risk factors and the ability to process the required amount of data from cyberspace efficiently are proving to be major obstacles to achieving desired outcomes from cyber operations. This, coupled with the dramatic increase in the numbers of cyber attackers, who are constantly producing new ways of attacking and paralysing cyber systems for political or financial gain, is a critical issue for countries that have linked their major infrastructures with Internet applications. The defensive methods currently applied to counter these evolving attacks are no longer sufficient, due to their preventive and reactive nature. This research has developed a new Active Situational Awareness theoretical model for Active Defence that aims to enhance the agility and quality of cyber situational awareness in organisations in order to counter cyber attacks. Situational Awareness (SA) is a crucial component in every organisation. It helps in the assessment of an immediate situation in relation to the environment. Current SA models adopt a reactive attitude, which responds to events and works in a passive manner against any progressing enemy cyber attack. This creates a defensive mind-set and consequently influences the operator to process and utilise knowledge only within the concept of attack prevention. Thus, one can assume that operators will only gather certain knowledge after the occurrence of an attack, instead of actively searching for new intelligence to create new knowledge about the cyber attack before it takes place.
This research study introduces a new approach that incorporates an Active Defence posture; namely, a ‘winning attitude’ that conforms to the military stratagems of Sun Tzu, where operators always engage attackers directly in order to create new knowledge in an agile manner by deploying active intelligence-gathering techniques to inform active defence postures in cyberspace. This also allows the system being protected to remain one step ahead of the attackers to ultimately defeat them and thwart any costly attacks. To back these statements, this study issued a survey to 200 cyber defence and security experts in order to collect data on their opinions concerning the current state of Active SA. Structural Equation Modelling (SEM) was then employed to analyse the data gathered from the survey. The results of the analysis revealed the significant importance of Active Offensive Intelligence gathering in enhancing Cyber SA. The SEM showed there is a significant impact on SA Agility and Quality from Active Intelligence gathering activities.
Further to this, the SEM results informed the design of the serious gaming environments utilised in this research to verify the SEM causality model. The SEM also informed the design of an SA assessment metric, where a behavioural anchor rating scale was used along with ground truth to measure participant SA performance. The results of this experiment revealed that the enhancement in cyber situational awareness was 2 times greater (almost double) among participants who utilised active measures compared with participants who did not, which shows the importance of offensive intelligence gathering in enhancing cyber SA and speeding up defender decision making and the OODA loop. This research provided for the first time a novel theory for active cyber SA that is aligned with military doctrine. A novel assessment framework and approaches for evaluating and quantifying cyber SA performance were also developed in this research study. Finally, a serious gaming environment was developed for this research and used to evaluate the active SA theory, which has an impact on training, techniques and practice. Deception utilisation by Active groups revealed the importance of having deception capabilities as part of active tools that help operators to understand attackers’ intent and motive, and give operators more time to control the impact of cyber attacks. However, incorrect utilisation of deception capabilities during the experiment led operators to lose control over cyber attacks. Active defence is required for future cyber security. However, this trend towards the militarisation of cyberspace demands new or updated laws and regulations at an international level. Active intelligence methods define the principal capability at the core of the new active situational awareness model in order to deliver enhanced agility and quality in cyber SA.
Abu Dhabi Police General Headquarters
Mitigating the Risk of Knowledge Leakage in Knowledge Intensive Organizations: a Mobile Device Perspective
In the current knowledge economy, knowledge represents the most strategically significant resource of organizations. Knowledge-intensive activities advance innovation and create and sustain economic rent and competitive advantage. In order to sustain competitive advantage, organizations must protect knowledge from leakage to third parties, particularly competitors. However, the number and scale of leakage incidents reported in news media as well as industry whitepapers suggests that modern organizations struggle with the protection of sensitive data and organizational knowledge. The increasing use of mobile devices and technologies by knowledge workers across the organizational perimeter has dramatically increased the attack surface of organizations, and the corresponding level of risk exposure. While much of the literature has focused on technology risks that lead to information leakage, human risks that lead to knowledge leakage are relatively understudied. Further, not much is known about strategies to mitigate the risk of knowledge leakage using mobile devices, especially considering the human aspect. Specifically, this research study identified three gaps in the current literature: (1) a lack of in-depth studies that provide specific strategies for knowledge-intensive organizations based on their varied risk levels, since most of the analysed studies provide high-level strategies that are presented in a generalised manner and fail to identify specific strategies for different organizations and risk levels; (2) a lack of research into management of knowledge in the context of mobile devices; and (3) a lack of research into the tacit dimension of knowledge, as the majority of the literature focuses on formal and informal strategies to protect explicit (codified) knowledge.
Comment: The University of Melbourne PhD Thesis
Cryptocurrencies and future financial crime.
Background: Cryptocurrency fraud has become a growing global concern, with various governments reporting an increase in the frequency of and losses from cryptocurrency scams. Despite increasing fraudulent activity involving cryptocurrencies, research on the potential of cryptocurrencies for fraud has not been examined in a systematic study. This review examines the current state of knowledge about what kinds of cryptocurrency fraud currently exist, or are expected to exist in the future, and provides comprehensive definitions of the frauds identified.
Methods: The study involved a scoping review of academic research and grey literature on cryptocurrency fraud and a 1.5-day expert consensus exercise. The review followed the PRISMA-ScR protocol, with eligibility criteria based on language, publication type, relevance to cryptocurrency fraud, and evidence provided. Researchers screened 391 academic records, 106 of which went on to the eligibility phase, and 63 of which were ultimately analysed. We screened 394 grey literature sources, 128 of which passed on to the eligibility phase, and 53 of which were included in our review. The expert consensus exercise was attended by high-profile participants from the private sector, government, and academia. It involved problem planning and analysis activities and discussion about the future of cryptocurrency crime.
Results: The academic literature identified 29 different types of cryptocurrency fraud; the grey literature discussed 32 types, 14 of which were not identified in the academic literature (i.e., 47 unique types in total). Ponzi schemes and (synonymous) high yield investment programmes were most discussed across all literature. Participants in the expert consensus exercise ranked pump-and-dump schemes and ransomware as the most profitable and feasible threats, though pump-and-dumps were, notably, perceived as the least harmful type of fraud.
Conclusions: The findings of this scoping review suggest cryptocurrency fraud research is rapidly developing in volume and breadth, though we remain at an early stage of thinking about future problems and scenarios involving cryptocurrencies. The findings of this work emphasise the need for better collaboration across sectors and consensus on definitions surrounding cryptocurrency fraud to address the problems identified.